104 lines
2 KiB
Nix
104 lines
2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
containers.conduit = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.10";
|
|
localAddress = "192.168.100.11";
|
|
hostAddress6 = "fc00::1";
|
|
localAddress6 = "fc00::2";
|
|
bindMounts = {
|
|
"/var/lib/" = {
|
|
hostPath = "/var/containers/conduit";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
config = {
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
# Conduit proper
|
|
services.matrix-conduit = {
|
|
enable = true;
|
|
settings.global = {
|
|
server_name = "stranger.systems";
|
|
allow_registration = false;
|
|
port = 6167;
|
|
};
|
|
};
|
|
# Open the port
|
|
networking.firewall.allowedTCPPorts = [6167];
|
|
|
|
system.stateVersion = "24.11";
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
virtualHosts = {
|
|
"matrix.stranger.systems" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
|
|
listen = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 443;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "[::]";
|
|
port = 443;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 80;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "[::]";
|
|
port = 80;
|
|
ssl = false;
|
|
}
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 8448;
|
|
ssl = true;
|
|
}
|
|
{
|
|
addr = "[::]";
|
|
port = 8448;
|
|
ssl = true;
|
|
}
|
|
];
|
|
|
|
locations."/_matrix/" = {
|
|
proxyPass = "http://backend_conduit$request_uri";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_buffering off;
|
|
'';
|
|
};
|
|
|
|
extraConfig = ''
|
|
merge_slashes off;
|
|
'';
|
|
};
|
|
};
|
|
|
|
upstreams = {
|
|
"backend_conduit" = {
|
|
servers = {
|
|
"192.168.100.11:6167" = {};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|